We have a third party that redirects their users to our site. Currently they pass the user authentication information in an encrypted string.
Now they want us to support SAML2.0 tokens. How easy or difficult it is to use WIF for this requirement? what other (free) solutions should I look into? Any pointers to article or code samples to the same is much appreciated.
Thanks.
If you want to consume Saml2 tokens their is built in support in the .NET framework for that, look at the Saml2Assertion and Saml2SecurityTokenHandler classes.
If you want your application to become a full SAML2 Service Provider you have to use an external library. A free implementation that provides basic functionality (which should be enough from the scenario you describe) is Kentor.AuthServces (Nuget package for mvc).
I found the following article really useful when I was looking into using SAML 2.0 tokens. Comes with good code samples
http://www.codeproject.com/Articles/504399/Understanding-Windows-Identity-Foundation-WIF
